Malybuzz is a Python tool focused on discovering programming faults in network software. It's a fuzzer, and its function is to create malformed requests of the desired protocol in order to cause an unexpected situation which the target software can't handle correctly. The fact is that appropriate security measures are often not adopted when developing network-based applications, which makes them an excellent channel to penetrate a system, or at least to cause a Denial of Service.

The normal execution of the tool consists of several steps. First, the malformed commands are generated according to the configuration, the target application and the protocol in use. Then the communication channel with the target is established and the commands begin to be sent. For each command sent, a response is awaited and checked: if it's not correct, the situation is reported; otherwise the sending process continues.

The specification of each protocol is done through two XML files: one specifies the possible commands which can be sent, and the other the possible responses to each of those commands. Currently only the FTP and SIP protocols are defined, but adding new ones is simple. To learn more about the tool and the process to follow in order to add new protocols, I recommend reading the User Manual.

But this is only the default run: it won't fuzz anything, it's only a sample. It is based on the sip.xml template file in the Protocols/Specifications/UDP/sip folder. That folder also contains some useful samples, like inviteFuzzingLength.xml and inviteTest.xml. To create your own fuzzing test you must make a copy of the templates and samples and modify them. Once you've done that, you can launch the test as follows:

Also, by default, the first command sent in SIP fuzzing sessions is the CANCEL command. Perhaps I'll change this in the next release, but for now you must add '-f INVITE' if you want to obtain some valid communication with the SIP application (if you want, you can modify the responses protocol file sip_states.xml too). So...

But what happens if I must shut down the computer before the fuzzing session has finished? Will the session start from the beginning next time?

No. You can specify that you want to store the session when it's aborted by adding the '-k' parameter, and Malybuzz will copy your fuzzing point to the Restore folder. After that, you'll be able to resume it with the '-z' option:

This tool is sooooo baaaaad... I get a lot of timeouts and it doesn't run like it's supposed to.

OK, be quiet... this is not a magic wand. The fuzzing effectiveness depends on the target application and the fuzzing configuration. You must understand the application's behaviour and set values for the different available timeouts (t1, t2 and t3). Perhaps you also have to modify the responses protocol XML file, in order to trace a specific communication path (send command Y when response X is received, for example). The timeouts configuration is easy, but the other one is a bit more complex.

OK, but how can I configure a fuzzing session? What types of fuzzing can I do?

As I've said, if you want to do your own tests you must copy and modify the base protocol file. You mark the commands and fields to be sent with the attribute 'send' set to 'yes', and specify that you want to fuzz them with the 'fuzzing' attribute. The possible values for this attribute are 'overflow', 'formatString', 'badString', 'badNumber', 'badPath', 'badIp', 'badHost', 'repeat', 'sql' and 'binary'. You can set more than one fuzzing type by separating them with commas. A little example:
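To make the two-file model concrete (a command spec with 'send' and 'fuzzing' attributes, and a responses spec that says which replies are acceptable), here is an added example in Python. It is not Malybuzz's own code and it does not reproduce the real sip.xml or sip_states.xml layout: apart from the 'send' and 'fuzzing' attribute names, the element names, the 'value' attribute, the response 'codes' attribute and the concrete mutation strings are assumptions made for this example. It generates the fuzz cases from a constructed FTP-style spec and classifies a response the way the "wait for a response and check it" step described above would, treating a timeout or an unlisted reply code as a finding.

```python
"""Generate fuzz cases from a Malybuzz-style command spec and check responses."""
import xml.etree.ElementTree as ET

# Constructed sample in the spirit of the command XML. Only the 'send' and
# 'fuzzing' attributes come from the tool's description; element names, the
# 'value' attribute and the overall layout are assumptions for this example.
COMMAND_SPEC = """<protocol name="ftp">
  <command name="USER" send="yes">
    <field name="username" value="anonymous" send="yes" fuzzing="overflow,formatString"/>
  </command>
  <command name="PASS" send="yes">
    <field name="password" value="guest" send="yes"/>
  </command>
  <command name="QUIT" send="no"/>
</protocol>"""

# Constructed responses spec: accepted reply codes per command (assumed layout).
RESPONSE_SPEC = """<states>
  <response command="USER" codes="331,230"/>
  <response command="PASS" codes="230,530"/>
</states>"""

# Mutators for a few of the fuzzing types the page names; the concrete strings
# are this example's own choices, not the tool's.
MUTATORS = {
    "overflow": lambda v: ["A" * n for n in (256, 1024, 4096)],
    "formatString": lambda v: [v + "%s%s%s%s", v + "%x%x%x%x"],
    "badNumber": lambda v: ["-1", "0", "4294967296"],
    "repeat": lambda v: [v * 4, v * 64],
}


def render(name, values):
    """Build the line as it would go on the wire (FTP-style CRLF framing)."""
    return " ".join([name] + values) + "\r\n"


def fuzz_cases(spec_xml):
    """Return (command, wire_line) pairs: one baseline per command marked
    send="yes", plus one case per mutation of every field that carries a
    'fuzzing' attribute. Commands with send="no" are skipped entirely."""
    cases = []
    for cmd in ET.fromstring(spec_xml).findall("command"):
        if cmd.get("send") != "yes":
            continue
        name = cmd.get("name")
        fields = [f for f in cmd.findall("field") if f.get("send") == "yes"]
        base = [f.get("value", "") for f in fields]
        cases.append((name, render(name, base)))
        for i, field in enumerate(fields):
            for kind in filter(None, (field.get("fuzzing") or "").split(",")):
                mutate = MUTATORS.get(kind.strip())
                if mutate is None:
                    raise ValueError("unknown fuzzing type: %s" % kind)
                for mutant in mutate(field.get("value", "")):
                    values = list(base)
                    values[i] = mutant  # mutate one field, keep the rest valid
                    cases.append((name, render(name, values)))
    return cases


def load_expected(states_xml):
    """Map each command to the set of reply codes the spec considers normal."""
    return {r.get("command"): set(r.get("codes").split(","))
            for r in ET.fromstring(states_xml).findall("response")}


def check_response(expected, command, response):
    """Classify what came back: 'ok' if the reply code is one the spec allows,
    'timeout' if nothing arrived, 'unexpected' otherwise. Anything but 'ok' is
    what the fuzzer would report for a manual look at the target."""
    if response is None:
        return "timeout"
    code = response.split(" ", 1)[0]
    return "ok" if code in expected.get(command, set()) else "unexpected"


if __name__ == "__main__":
    expected = load_expected(RESPONSE_SPEC)
    for command, line in fuzz_cases(COMMAND_SPEC):
        print(command, repr(line[:40]))
    print(check_response(expected, "USER", "331 Please specify the password.\r\n"))
    print(check_response(expected, "USER", None))
```

Nothing here touches the network; the point is the separation the tool's design implies: the command spec decides what is sent and which fields get mutated, the responses spec decides what counts as normal, and everything outside that set (including silence, which is where the t1/t2/t3 timeouts come in) is what gets reported.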